Add updates to keyless integration guide #343
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
✅ Deploy Preview for aptos-developer-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
gregnazario
reviewed
May 28, 2024
There was a problem hiding this comment.
Let's move this guide to Nextra see the guide here https://preview.aptos.dev/en/developer-platforms/contribute
|
|
||
| Eventually your EphemeralKeyPair will expire or the JWK used to validate the token will be rotated. In these cases the KeylessAccount must be refreshed with a new JWT token. To detect errors, use a try catch on sign and submit and switch on the KeylessError.type. | ||
|
|
||
| ```tsx |
| Developers may opt to use their own pepper service/scheme and can override use of the labs hosted pepper service. | ||
|
|
||
| Example | ||
| ```tsx |
| Certain dApps may want to use 'email' instead of the default 'sub' claim to identify user. This allows dApps to mint NFTs to a user's email even if the user has not created an account yet. Note that this also means that if a user changes their emails with respect to the IdP, they may love access to their account. | ||
|
|
||
| Example | ||
| ```tsx |
gregnazario
reviewed
Jun 1, 2024
|
|
||
| Eventually your EphemeralKeyPair will expire or the JWK used to validate the token will be rotated. In these cases the KeylessAccount must be refreshed with a new JWT token. To detect errors, use a try catch on sign and submit and switch on the KeylessError.type. | ||
|
|
||
| ```tsx |
There was a problem hiding this comment.
Suggested change
| ```tsx | |
| ```ts |
Comment on lines
+62
to
+67
| ## Example Implementaion | ||
|
|
||
| You can find an example app demonstrating how to do basic Keyless integration with Google in the repository below. Follow the directions in the README to get started quickly with Keyless. For more detailed instructions please read the rest of the integration guide. | ||
|
|
||
| https://github.com/aptos-labs/aptos-keyless-example/ | ||
|
|
There was a problem hiding this comment.
Suggested change
| ## Example Implementaion | |
| You can find an example app demonstrating how to do basic Keyless integration with Google in the repository below. Follow the directions in the README to get started quickly with Keyless. For more detailed instructions please read the rest of the integration guide. | |
| https://github.com/aptos-labs/aptos-keyless-example/ | |
| ## Example Implementaion | |
| You can find an example app demonstrating basic Keyless integration with Google in the [aptos-keyless-example repository](https://github.com/aptos-labs/aptos-keyless-example/). Follow the directions in the README to start with the example. For more detailed instructions on keyless, please read the rest of this integration guide. | |
| Developers may opt to use their own pepper service/scheme and can override use of the labs hosted pepper service. | ||
|
|
||
| Example | ||
| ```tsx |
There was a problem hiding this comment.
Suggested change
| ```tsx | |
| ```ts |
| Certain dApps may want to use 'email' instead of the default 'sub' claim to identify user. This allows dApps to mint NFTs to a user's email even if the user has not created an account yet. Note that this also means that if a user changes their emails with respect to the IdP, they may love access to their account. | ||
|
|
||
| Example | ||
| ```tsx |
There was a problem hiding this comment.
Suggested change
| ```tsx | |
| ```ts |
|
|
||
| ## SDK Configurable Options | ||
|
|
||
| The Keyless SDK provides several configurable options for Keyless Account derivation |
There was a problem hiding this comment.
Suggested change
| The Keyless SDK provides several configurable options for Keyless Account derivation | |
| The Keyless SDK provides several options for Keyless Account derivation. |
| Fetching the proof may take a few seconds and can be done in the background to allow for a more responsive user experience. To enable asyncronous proof fetching just provide a callback to be invoked on proof fetch completion. | ||
|
|
||
| Example | ||
| ```tsx |
There was a problem hiding this comment.
Suggested change
| ```tsx | |
| ```ts |
Comment on lines
+469
to
+472
| By default, the expiry time of the EphemeralKeyPair is set to be maximum allowed time in the future, now + 10000000 seconds. To avoid proofs that are long lived which can be a security risk, | ||
| ```tsx | ||
| const ephemeralKeyPair = EphemeralKeyPair.generate({expiryDateSecs: 1721397500}); | ||
| ``` |
There was a problem hiding this comment.
This doesn't describe the purpose of this well. And I think it's taking some jumps assuming the user knows what these mean. It says security risk, and it says to avoid it, but why?
Suggested change
| By default, the expiry time of the EphemeralKeyPair is set to be maximum allowed time in the future, now + 10000000 seconds. To avoid proofs that are long lived which can be a security risk, | |
| ```tsx | |
| const ephemeralKeyPair = EphemeralKeyPair.generate({expiryDateSecs: 1721397500}); | |
| ``` | |
| By default, the expiry time of the EphemeralKeyPair is set to be the maximum allowed time in the future, now + 10000000 seconds. To reduce the amount of time that a proof expires, you can override the expiration date seconds. | |
| ```ts | |
| const ephemeralKeyPair = EphemeralKeyPair.generate({expiryDateSecs: 1721397500}); |
|
|
||
| ## Pepper Service API | ||
|
|
||
| The pepper service is an Aptos Labs hosted API that computes a pepper as a result of a verifiable unpredictible function (VUF). The inputs to the VUF are the iss, uid_key (defaults to sub), uid_val, aud. |
There was a problem hiding this comment.
Okay... there are like 10 abbreviations here, and it doesn't read well. Should we describe what a pepper is?
Pepper service makes peppers, but why?
Suggested change
| The pepper service is an Aptos Labs hosted API that computes a pepper as a result of a verifiable unpredictible function (VUF). The inputs to the VUF are the iss, uid_key (defaults to sub), uid_val, aud. | |
| The pepper service is an Aptos Labs hosted API that computes a pepper as a result of a verifiable unpredictible function (VUF). The inputs to the VUF are the `iss`, `uid_key` (defaults to `sub`), `uid_val`, `aud`. |
|
|
||
| ## Prover Service API | ||
|
|
||
| The prover service is an Aptos Labs hosted API that computes zero-knowledge proofs. |
|
|
||
| The prover service is an Aptos Labs hosted API that computes zero-knowledge proofs. | ||
|
|
||
| The input to the prover consists of the same request to the pepper service with the addition of the pepper and the max expiry horizon. The inputs to the prover must satisfy the circuit relation for secret witness generation. |
There was a problem hiding this comment.
Prover must satisfy circuit relation is a weird sentence
Suggested change
| The input to the prover consists of the same request to the pepper service with the addition of the pepper and the max expiry horizon. The inputs to the prover must satisfy the circuit relation for secret witness generation. | |
| The prover service takes the same request as the pepper service with two additional inputs, the pepper and the max expiry horizon. The inputs to the prover must satisfy the circuit relation for secret witness generation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Checklist
pnpm spellcheck?pnpm fmt?pnpm lint?